Reset to Today

To access the FCA Handbook Archive choose a date between 1 January 2001 and 31 December 2004.

Content Options:

Content Options

View Options:


You are viewing the version of the document as on 2022-04-01.

Timeline guidance

Alternative versions

  1. Point in time
    2022-04-01

MIFIDPRU 7.2 Internal governance

MIFIDPRU 7.2.1R
  1. (1)

    1A MIFIDPRU investment firm must have robust governance arrangements, including:

    1. (a)

      a clear organisational structure with well defined, transparent and consistent lines of responsibility;

    2. (b)

      effective processes to identify, manage, monitor and report the risks the firm is or might be exposed to, or the firm poses or might pose to others; and

    3. (c)

      adequate internal control mechanisms, including sound administration and accounting procedures.

  2. (2)

    1The arrangements in (1) must:

    1. (a)

      be appropriate and proportionate to the nature, scale and complexity of the risks inherent in the business model and the activities of the firm; and

    2. (b)

      be compatible with the requirements in the FCA Handbook relating to risk management and internal governance, for example those in MIFIDPRU 7 and SYSC, that apply to the firm.

MIFIDPRU 7.2.2G

1When establishing and maintaining the arrangements in MIFIDPRU 7.2.1R(1), a firm should consider at least the following:

  1. (1)

    the requirements that apply to the firm under MIFIDPRU 7 and SYSC 19G (MIFIDPRU Remuneration Code);

  2. (2)

    the legal structure of the firm, including its ownership and funding structure;

  3. (3)

    whether the firm is part of a group;

  4. (4)

    the type of activities for which the firm is authorised, including the complexity and volume of those activities;

  5. (5)

    the business model and strategy of the firm, including its risk strategy, risk appetite and risk profile;

  6. (6)

    the types of client the firm has;

  7. (7)

    the outsourced functions and distribution channels of the firm; and

  8. (8)

    the firm’s existing IT systems, including continuity systems.

Governance for risk management

MIFIDPRU 7.2.3R
  1. (1)

    2The management body of a MIFIDPRU investment firm has overall responsibility for risk management. It must devote sufficient time to the consideration of risk.

  2. (2)

    The management body of a MIFIDPRU investment firm must be actively involved in, and ensure that adequate resources are allocated to, the management of all material risks, including the valuation of assets, the use of external ratings and internal models relating to those risks.

  3. (3)

    A MIFIDPRU investment firm must establish reporting lines to the management body that cover all material risks and risk management policies and changes thereof.

MIFIDPRU 7.2.4R
  1. (1)

    2A MIFIDPRU investment firm must ensure that the management body in its supervisory function and any risk committee that has been established have adequate access to information on the risk profile of the firm and, if necessary and appropriate, to the risk management function and to external expert advice.

  2. (2)

    The management body in its supervisory function and any risk committee that has been established must determine the nature, the amount, the format, and the frequency of the information on risk which they are to receive.